Sysdig Innovates Cloud Security with Consolidated CDR and CNAPP

Sysdig, the cloud security provider powered by runtime insights, is innovating cloud detection and response (CDR) and its Cloud-Native Application Protection Platform (CNAPP), consolidating the two technologies to enable instant threat detection within the cloud. With 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications, Sysdig’s platform directly addresses the growing security challenges associated with cloud environments through real-time investigation and real-time response.

According to Sysdig, many organizations leveraging the cloud suffer from slow, manual security processes that present a large attack opportunity for bad actors—with teams often left confused as to what actually happened.

“The challenge is that most cloud security tools today are really slow to identify that suspicious behavior, and once they alert you, your security teams can spend hours, if not days, trying to piecemeal and figure out exactly what happened and come up with the story,” explained Pawan Shankar, senior director of product marketing at Sysdig. “Whereas if you think about it from an attacker's perspective, all they need is a few minutes to steal your crown jewels.”

Sysdig’s CNAPP embedded with CDR responds to this challenge, providing a single, end-to-end cloud security platform from which enterprises can secure their critical applications against attacks. The platform now comprehensively understands the entire application lifecycle while consolidating the security tools around it for simpler, more effective cloud security.

“We take the knowledge of what's happening to help you prioritize vulnerabilities,” said Shankar. “And that's one of the ways that we cut down vulnerability noise and reduce the time it takes to manage those vulnerabilities that is really meaningful for customers.”

With end-to-end threat detection, breaches are stopped in their tracks instantly. By integrating the capabilities of Falco, the open source cloud threat detection solution, Sysdig now offers agentless deployment of Falco within its platform, processing cloud logs to detect threats across cloud, identity, software supply chains, and more. Sysdig GitHub detections further secure the software supply chain, delivering real-time alerts on critical events.

“In terms of threat detection and response, we consolidate that end-to-end, so now teams don't have to have different tools for detection response across containers, and separate ones for cloud environments, and a separate tool for identity and GitHub,” said Shankar. “You have one tool. All of that is built around Falco.”

Compared to other cloud security solutions available on the market, the difference with Sysdig is “really around our runtime, understanding of what happens at runtime, and our detection responses,” Shankar explained. “Many of the other solutions have a piecemeal approach to how they look at threats, and not as real-time.”

Sysdig Okta detections tackle identity attack scenarios: incidents such as multi-factor authentication fatigue can be mitigated by stitching Okta events together with real-time cloud and container activity. The announcement also features enhanced drift control, which prevents common runtime attacks by dynamically blocking executables that were not present in the original container.
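As an added illustration (not Sysdig's or Falco's own code), the drift-control policy described above simulated in Python: an exec event is allowed only when the executable's path and contents match the baseline taken from the original container image; the image contents and exec events are constructed inline.

```python
"""Drift-control simulation (hypothetical, not Sysdig/Falco code): a
container may only run executables that shipped in its original image."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecEvent:
    container_id: str
    path: str
    content: bytes  # bytes of the binary at exec time (constructed sample)


def image_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Hash every executable in the original image: path -> sha256 hex."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in files.items()}


def evaluate(event: ExecEvent, baseline: dict[str, str]) -> tuple[str, str]:
    """Return (verdict, reason): block when the path is absent from the
    baseline, or present but its contents differ (a replaced binary)."""
    digest = hashlib.sha256(event.content).hexdigest()
    expected = baseline.get(event.path)
    if expected is None:
        return "block", f"{event.path} not present in original image"
    if expected != digest:
        return "block", f"{event.path} modified since image build"
    return "allow", "executable matches image baseline"


# Constructed sample: a tiny "image" containing two binaries.
IMAGE_FILES = {"/usr/bin/nginx": b"nginx-binary-v1", "/bin/sh": b"sh-binary-v1"}
BASELINE = image_baseline(IMAGE_FILES)

# Constructed exec events: one legitimate, one dropped at runtime, one tampered.
SAMPLE_EVENTS = [
    ExecEvent("c1", "/usr/bin/nginx", b"nginx-binary-v1"),
    ExecEvent("c1", "/tmp/dropped-tool", b"written-at-runtime"),
    ExecEvent("c1", "/bin/sh", b"sh-binary-TAMPERED"),
]


def run(events, baseline):
    """Evaluate every event; returns (container, path, verdict, reason) rows."""
    return [(e.container_id, e.path, *evaluate(e, baseline)) for e in events]


if __name__ == "__main__":
    for row in run(SAMPLE_EVENTS, BASELINE):
        print(row)
```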

Along with Sysdig’s innovations in cloud threat detection, the consolidation drives the effectiveness and speed of cloud investigations and incident response.

“It's not just about real time detection, it's also about real time threat investigation,” said Shankar. “You don't just need to help enterprises detect, [it’s also about] how to investigate and respond as quickly in real-time as possible.”

Live mapping applies an endpoint detection and response (EDR)-like approach to bringing together the real-time events that provide critical context on an ongoing breach, answering crucial questions such as “What is the context of the incident?”, “How did the attacker get access?” and “What did they do?”

Sysdig Live provides a dynamic view of an organization’s live infrastructure, workloads, and their relationships, speeding up incident response and alleviating the pressure on security teams racing against the clock to understand the breach.

Comprehensive cloud investigation continues with Sysdig Process Tree, a capability that drives accelerated identification and elimination of threats through a visualization of the attack journey, from user to process. Curated threat dashboards within Sysdig also aid in visualizing security issues through a centralized pane of glass, highlighting events throughout clouds, containers, Kubernetes, and hosts. Dynamic mapping against the MITRE framework for cloud-native environments is also available within Sysdig, further ensuring effective, real-time responses on behalf of an enterprise’s security team.

To learn more about Sysdig’s enhanced CNAPP, please visit